The age of “big data” is here, along with a growing list of big data breaches and the big mess created for millions of affected consumers. The only thing missing is big consequences for companies that are causing these big losses.
Last week, Equifax lost highly confidential personal and financial data on as many as 143 million people. The worst part? You didn’t even give them permission to obtain this information. They can legally collect, store and share it regardless.
Although banks have a self-serving track record of their own, at least as a client you have a direct relationship that permits you to use the law to hold them accountable. Imagine if you woke up one morning to find your bank lost all your money in a cybersecurity hack. Would you just accept that? Unlikely.
But when similar news arrives that Equifax lost highly valuable data, which could result in your identity, home, credit or investments being stolen or compromised, we shrug. Just another bad day in the tragic land of big data, right?
Then the astonishing corporate response adds to this growing tragedy. Nearly two months after the breach, they are “letting consumers know” if they have been affected. You could supposedly go online to determine if your data was compromised, but that has already been exposed as a self-serving, non-functioning trick mostly aimed at providing “help” of only temporarily free services – profiteering from this breach in full view of all. To choose between paltry offers of either one year of free credit tracking or a one-time credit freeze, you also initially had to agree not to pursue legal action against them to obtain these fixes. What genuine contrition and offer of help does that constitute?
Maybe big government can help, right? Doubtful. The regulator of note in this instance is riven with debate about its own role in cybersecurity enforcement and lacks any real credibility. It has made no meaningful progress to define strict standards of public conduct and protocols required of companies handling consumer data breaches. It has no authority to impose fines for lapses either. So it is toothless and it shows. With the notoriously lax legislated standards imposed on this industry by Congress, sadly no criminal laws were broken.
While a few state attorneys general have already launched investigations, unless they rise up in legal revolt together, there’s little legal liability looming for Equifax on that front either. So Equifax gets to hold your financial life story in apparently unreliable servers; lacks any permission to possess your data; prevents your access or control over it; and then aggregates and resells it to the highest bidder, and nobody seems to mind.
The consequence of our indifference as consumers is the complete loss of control over our own personal data while Equifax gets away with data murder. So what will it take to wake us all up from this big data nightmare?
I have been predicting that consumers would eventually demand that their politicians help them hold companies accountable to regulate corrupt business models like credit reporting. But they have not.
I have predicted that the growing cybersecurity threat would unleash massive proactive class action suits by consumers for damages merely on the act of a data breach occurring rather than waiting for provable future losses before suing. But they have not.
I have predicted that a growing fear of brand damage and a resulting decline in their stock price would make CEOs and CIOs more wary of underspending on cybersecurity initiatives and that companies would start sufficient spending to secure valuable consumer data from theft. But they have not.
Equifax had the profits necessary to act in our best interests but instead treated data security expenses as discretionary, controlled to the minimum required to avoid legal liability, in order to keep their earnings per share up to market expectations. What a fatal mistake.
As an IT professional, I understand nobody can ever offer 100 percent data security. But I can also tell you every IT professional I know lives in a terrifying world lacking enough resources, time and people to do the job as they hope. Companies simply do not understand what is required to achieve security in this precarious and globally risky business environment.
Big companies made “big data” happen. Now, “big security” must follow, despite the costs. Regulators and legislators need to remind them through coordinated actions that they can spend it now to protect us all in advance or pay it later in big fines when they don’t. But either way, they are going to pay. Otherwise, the only ones paying will be consumers.
Date: Sep 11, 2017